Vulnerabilities > Cesanta

DATE CVE VULNERABILITY TITLE RISK
2021-05-28 CVE-2020-36370 Uncontrolled Recursion vulnerability in Cesanta MJS 1.20.1
Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
local
low complexity
cesanta CWE-674
5.5
5.5
2021-05-28 CVE-2020-36371 Uncontrolled Recursion vulnerability in Cesanta MJS 1.20.1
Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
local
low complexity
cesanta CWE-674
5.5
5.5
2021-05-28 CVE-2020-36372 Uncontrolled Recursion vulnerability in Cesanta MJS 1.20.1
Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
local
low complexity
cesanta CWE-674
5.5
5.5
2021-05-28 CVE-2020-36373 Uncontrolled Recursion vulnerability in Cesanta MJS 1.20.1
Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
local
low complexity
cesanta CWE-674
5.5
5.5
2021-05-28 CVE-2020-36374 Uncontrolled Recursion vulnerability in Cesanta MJS 1.20.1
Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
local
low complexity
cesanta CWE-674
5.5
5.5
2021-05-28 CVE-2020-36375 Uncontrolled Recursion vulnerability in Cesanta MJS 1.20.1
Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
local
low complexity
cesanta CWE-674
5.5
5.5
2021-04-29 CVE-2021-31875 Off-by-one Error vulnerability in Cesanta Mongooseos MJS 1.26
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow.
network
low complexity
cesanta CWE-193
critical
 9.8
9.8
2021-02-08 CVE-2021-26530 Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
network
low complexity
cesanta CWE-787
critical
 9.1
9.1
2021-02-08 CVE-2021-26529 Out-of-bounds Write vulnerability in Cesanta Mongoose
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
network
low complexity
cesanta CWE-787
critical
 9.1
9.1
2021-02-08 CVE-2021-26528 Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
network
low complexity
cesanta CWE-787
critical
 9.1
9.1